How Matthew Broderick Shaped U.S. Cybersecurity Policy

It's not often that Hollywood influences national policy. We have still not prepared for the dino-disaster foretold by Jurassic Park, for example, and The Martian has yet to inspire dramatically increased NASA funding. (Not to mention Roman Polanksi and those stubborn extradition laws.)

Which is why this recent bit of trivia from Fred Kaplan, author of a soon-to-be-released history of "cyber war," is so surprising: apparently, Matthew Broderick, Ally Sheedy, and 1983's hit film "WarGames" had a major impact on early U.S. cybersecurity measures.

Hollywood: D.C. for Pretty People

"WarGames," if you haven't seen it, tells the story of David Lightman, played by Mathew Broderick, a teen hacker in Seattle who breaks into a NORAD supercomputer. Thinking he's playing a game, he almost sets off a nuclear war with the U.S.S.R.

The movie was a hit and not just with the general public. The day after it debuted, then-President Ronald Reagan had it screened at Camp David. According to Kaplan, who retold the story in The New York Times, "WarGames" quickly became a preoccupation for our ex-Hollywood president.

At a meeting with his national security advisors, President Reagan recounted the plot of "WarGames" and commanded General John Vessey Jr., chairman of the Joint Chiefs of Staff, with finding out if something similar was possible in the real world.

As Kaplan tells it, the screenwriters for "WarGames" were inspired by a very real security risk:

A hacker friend had told them about "demon-dialing," in which a telephone modem searched for other modems by automatically dialing each phone number in an area code and letting it ring twice before proceeding to the next number. If a modem answered, it would squawk; the demon-dialing software would record the number, so the hacker could call back later. In their screenplay, this was how their hero broke into NORAD. But they wondered if this was plausible: Didn't the military close off its computers to public telephone lines?

The answer was no. In order to allow army officers to work from home on weekends, NORAD computers were online and completely unprotected. All you needed was the right number to dial in.

Gen. Vessey reported to Reagan that, not only was "WarGames" possible, but that "the problem is much worse than you think."

From the Silver Screen to NSDD-145

Of course, Vessey, Reagan, and Mathew Broderick weren't the first to highlight the risks shown in "WarGames." As Kaplan notes, a small group of scientists had been worrying about cybersecurity risks since the very first days of the ARPAnet and American intelligence was already exploiting "WarGames"-style security holes in Russia and China.

But it was "WarGames" that inspired America's first cybersecurity directive: NSDD-145, the "National Policy on Telecommunications and Automated Information Systems Security." That directive established initial objectives and structures for "safeguarding systems which process or communicate sensitive information from hostile exploitation."

But it also put the NSA in charge of securing both government and civilian networks and gave leading roles to the Department of Defense and National Security Council, a troubling mix of domestic and foreign intelligence and civilian versus military approaches to security.

Concerns from Congress and civil libertarians, the type that still play out today, eventually killed the directive, proving that Matthew Broderick's on-screen magic can only go so far to solving real world cybersecurity concerns.